search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
usb_modeswitch ver. 2.4.0 with data package 2016-06-12
[tomato.git] / release / src / router / busybox / networking / ntpd_simple.c
blob2cfbd55d482e845e4575e816b7bd12d114cd4704
1 /*
2 * NTP client/server, based on OpenNTPD 3.9p1
3 *
4 * Author: Adam Tkac <vonsch@gmail.com>
5 *
6 * Licensed under GPLv2, see file LICENSE in this source tree.
7 */
8 #include "libbb.h"
9 #include <netinet/ip.h> /* For IPTOS_LOWDELAY definition */
10 #include <sys/resource.h> /* setpriority */
11 #ifndef IPTOS_LOWDELAY
12 # define IPTOS_LOWDELAY 0x10
13 #endif
14
15
16 /* Sync to peers every N secs */
17 #define INTERVAL_QUERY_NORMAL 30
18 #define INTERVAL_QUERY_PATHETIC 60
19 #define INTERVAL_QUERY_AGRESSIVE 5
20
21 /* Bad if *less than* TRUSTLEVEL_BADPEER */
22 #define TRUSTLEVEL_BADPEER 6
23 #define TRUSTLEVEL_PATHETIC 2
24 #define TRUSTLEVEL_AGRESSIVE 8
25 #define TRUSTLEVEL_MAX 10
26
27 #define QSCALE_OFF_MIN 0.05
28 #define QSCALE_OFF_MAX 0.50
29
30 /* Single query might take N secs max */
31 #define QUERYTIME_MAX 15
32 /* Min offset for settime at start. "man ntpd" says it's 128 ms */
33 #define STEPTIME_MIN_OFFSET 0.128
34
35 typedef struct {
36 uint32_t int_partl;
37 uint32_t fractionl;
38 } l_fixedpt_t;
39
40 typedef struct {
41 uint16_t int_parts;
42 uint16_t fractions;
43 } s_fixedpt_t;
44
45 enum {
46 NTP_DIGESTSIZE = 16,
47 NTP_MSGSIZE_NOAUTH = 48,
48 NTP_MSGSIZE = (NTP_MSGSIZE_NOAUTH + 4 + NTP_DIGESTSIZE),
49 };
50
51 typedef struct {
52 uint8_t m_status; /* status of local clock and leap info */
53 uint8_t m_stratum; /* stratum level */
54 uint8_t m_ppoll; /* poll value */
55 int8_t m_precision_exp;
56 s_fixedpt_t m_rootdelay;
57 s_fixedpt_t m_dispersion;
58 uint32_t m_refid;
59 l_fixedpt_t m_reftime;
60 l_fixedpt_t m_orgtime;
61 l_fixedpt_t m_rectime;
62 l_fixedpt_t m_xmttime;
63 uint32_t m_keyid;
64 uint8_t m_digest[NTP_DIGESTSIZE];
65 } msg_t;
66
67 enum {
68 NTP_VERSION = 4,
69 NTP_MAXSTRATUM = 15,
70
71 /* Status Masks */
72 MODE_MASK = (7 << 0),
73 VERSION_MASK = (7 << 3),
74 VERSION_SHIFT = 3,
75 LI_MASK = (3 << 6),
76
77 /* Leap Second Codes (high order two bits of m_status) */
78 LI_NOWARNING = (0 << 6), /* no warning */
79 LI_PLUSSEC = (1 << 6), /* add a second (61 seconds) */
80 LI_MINUSSEC = (2 << 6), /* minus a second (59 seconds) */
81 LI_ALARM = (3 << 6), /* alarm condition */
82
83 /* Mode values */
84 MODE_RES0 = 0, /* reserved */
85 MODE_SYM_ACT = 1, /* symmetric active */
86 MODE_SYM_PAS = 2, /* symmetric passive */
87 MODE_CLIENT = 3, /* client */
88 MODE_SERVER = 4, /* server */
89 MODE_BROADCAST = 5, /* broadcast */
90 MODE_RES1 = 6, /* reserved for NTP control message */
91 MODE_RES2 = 7, /* reserved for private use */
92 };
93
94 #define OFFSET_1900_1970 2208988800UL /* 1970 - 1900 in seconds */
95
96 typedef struct {
97 double d_offset;
98 double d_delay;
99 //UNUSED: double d_error;
100 time_t d_rcv_time;
101 uint32_t d_refid4;
102 uint8_t d_leap;
103 uint8_t d_stratum;
104 uint8_t d_good;
105 } datapoint_t;
106
107 #define NUM_DATAPOINTS 8
108 typedef struct {
109 len_and_sockaddr *p_lsa;
110 char *p_dotted;
111 /* When to send new query (if p_fd == -1)
112 * or when receive times out (if p_fd >= 0): */
113 time_t next_action_time;
114 int p_fd;
115 uint8_t p_datapoint_idx;
116 uint8_t p_trustlevel;
117 double p_xmttime;
118 datapoint_t update;
119 datapoint_t p_datapoint[NUM_DATAPOINTS];
120 msg_t p_xmt_msg;
121 } peer_t;
122
123 enum {
124 OPT_n = (1 << 0),
125 OPT_q = (1 << 1),
126 OPT_N = (1 << 2),
127 OPT_x = (1 << 3),
128 /* Insert new options above this line. */
129 /* Non-compat options: */
130 OPT_p = (1 << 4),
131 OPT_l = (1 << 5) * ENABLE_FEATURE_NTPD_SERVER,
132 };
133
134
135 struct globals {
136 /* total round trip delay to currently selected reference clock */
137 double rootdelay;
138 /* reference timestamp: time when the system clock was last set or corrected */
139 double reftime;
140 llist_t *ntp_peers;
141 #if ENABLE_FEATURE_NTPD_SERVER
142 int listen_fd;
143 #endif
144 unsigned verbose;
145 unsigned peer_cnt;
146 unsigned scale;
147 uint32_t refid;
148 uint32_t refid4;
149 uint8_t synced;
150 uint8_t leap;
151 #define G_precision_exp -6
152 // int8_t precision_exp;
153 uint8_t stratum;
154 uint8_t time_was_stepped;
155 uint8_t first_adj_done;
156 };
157 #define G (*ptr_to_globals)
158
159 static const int const_IPTOS_LOWDELAY = IPTOS_LOWDELAY;
160
161
162 static void
163 set_next(peer_t *p, unsigned t)
164 {
165 p->next_action_time = time(NULL) + t;
166 }
167
168 static void
169 add_peers(char *s)
170 {
171 peer_t *p;
172
173 p = xzalloc(sizeof(*p));
174 p->p_lsa = xhost2sockaddr(s, 123);
175 p->p_dotted = xmalloc_sockaddr2dotted_noport(&p->p_lsa->u.sa);
176 p->p_fd = -1;
177 p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3);
178 p->p_trustlevel = TRUSTLEVEL_PATHETIC;
179 p->next_action_time = time(NULL); /* = set_next(p, 0); */
180
181 llist_add_to(&G.ntp_peers, p);
182 G.peer_cnt++;
183 }
184
185 static double
186 gettime1900d(void)
187 {
188 struct timeval tv;
189 gettimeofday(&tv, NULL); /* never fails */
190 return (tv.tv_sec + 1.0e-6 * tv.tv_usec + OFFSET_1900_1970);
191 }
192
193 static void
194 d_to_tv(double d, struct timeval *tv)
195 {
196 tv->tv_sec = (long)d;
197 tv->tv_usec = (d - tv->tv_sec) * 1000000;
198 }
199
200 static double
201 lfp_to_d(l_fixedpt_t lfp)
202 {
203 double ret;
204 lfp.int_partl = ntohl(lfp.int_partl);
205 lfp.fractionl = ntohl(lfp.fractionl);
206 ret = (double)lfp.int_partl + ((double)lfp.fractionl / UINT_MAX);
207 return ret;
208 }
209
210 #if 0 //UNUSED
211 static double
212 sfp_to_d(s_fixedpt_t sfp)
213 {
214 double ret;
215 sfp.int_parts = ntohs(sfp.int_parts);
216 sfp.fractions = ntohs(sfp.fractions);
217 ret = (double)sfp.int_parts + ((double)sfp.fractions / USHRT_MAX);
218 return ret;
219 }
220 #endif
221
222 #if ENABLE_FEATURE_NTPD_SERVER
223 static l_fixedpt_t
224 d_to_lfp(double d)
225 {
226 l_fixedpt_t lfp;
227 lfp.int_partl = (uint32_t)d;
228 lfp.fractionl = (uint32_t)((d - lfp.int_partl) * UINT_MAX);
229 lfp.int_partl = htonl(lfp.int_partl);
230 lfp.fractionl = htonl(lfp.fractionl);
231 return lfp;
232 }
233
234 static s_fixedpt_t
235 d_to_sfp(double d)
236 {
237 s_fixedpt_t sfp;
238 sfp.int_parts = (uint16_t)d;
239 sfp.fractions = (uint16_t)((d - sfp.int_parts) * USHRT_MAX);
240 sfp.int_parts = htons(sfp.int_parts);
241 sfp.fractions = htons(sfp.fractions);
242 return sfp;
243 }
244 #endif
245
246 static unsigned
247 error_interval(void)
248 {
249 unsigned interval, r;
250 interval = INTERVAL_QUERY_PATHETIC * QSCALE_OFF_MAX / QSCALE_OFF_MIN;
251 r = (unsigned)rand() % (unsigned)(interval / 10);
252 return (interval + r);
253 }
254
255 static int
256 do_sendto(int fd,
257 const struct sockaddr *from, const struct sockaddr *to, socklen_t addrlen,
258 msg_t *msg, ssize_t len)
259 {
260 ssize_t ret;
261
262 errno = 0;
263 if (!from) {
264 ret = sendto(fd, msg, len, MSG_DONTWAIT, to, addrlen);
265 } else {
266 ret = send_to_from(fd, msg, len, MSG_DONTWAIT, to, from, addrlen);
267 }
268 if (ret != len) {
269 bb_perror_msg("send failed");
270 return -1;
271 }
272 return 0;
273 }
274
275 static int
276 send_query_to_peer(peer_t *p)
277 {
278 // Why do we need to bind()?
279 // See what happens when we don't bind:
280 //
281 // socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
282 // setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
283 // gettimeofday({1259071266, 327885}, NULL) = 0
284 // sendto(3, "xxx", 48, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("10.34.32.125")}, 16) = 48
285 // ^^^ we sent it from some source port picked by kernel.
286 // time(NULL) = 1259071266
287 // write(2, "ntpd: entering poll 15 secs\n", 28) = 28
288 // poll([{fd=3, events=POLLIN}], 1, 15000) = 1 ([{fd=3, revents=POLLIN}])
289 // recv(3, "yyy", 68, MSG_DONTWAIT) = 48
290 // ^^^ this recv will receive packets to any local port!
291 //
292 // Uncomment this and use strace to see it in action:
293 #define PROBE_LOCAL_ADDR // { len_and_sockaddr lsa; lsa.len = LSA_SIZEOF_SA; getsockname(p->query.fd, &lsa.u.sa, &lsa.len); }
294
295 if (p->p_fd == -1) {
296 int fd, family;
297 len_and_sockaddr *local_lsa;
298
299 family = p->p_lsa->u.sa.sa_family;
300 p->p_fd = fd = xsocket_type(&local_lsa, family, SOCK_DGRAM);
301 /* local_lsa has "null" address and port 0 now.
302 * bind() ensures we have a *particular port* selected by kernel
303 * and remembered in p->p_fd, thus later recv(p->p_fd)
304 * receives only packets sent to this port.
305 */
306 PROBE_LOCAL_ADDR
307 xbind(fd, &local_lsa->u.sa, local_lsa->len);
308 PROBE_LOCAL_ADDR
309 #if ENABLE_FEATURE_IPV6
310 if (family == AF_INET)
311 #endif
312 setsockopt(fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY));
313 free(local_lsa);
314 }
315
316 /*
317 * Send out a random 64-bit number as our transmit time. The NTP
318 * server will copy said number into the originate field on the
319 * response that it sends us. This is totally legal per the SNTP spec.
320 *
321 * The impact of this is two fold: we no longer send out the current
322 * system time for the world to see (which may aid an attacker), and
323 * it gives us a (not very secure) way of knowing that we're not
324 * getting spoofed by an attacker that can't capture our traffic
325 * but can spoof packets from the NTP server we're communicating with.
326 *
327 * Save the real transmit timestamp locally.
328 */
329 p->p_xmt_msg.m_xmttime.int_partl = rand();
330 p->p_xmt_msg.m_xmttime.fractionl = rand();
331 p->p_xmttime = gettime1900d();
332
333 if (do_sendto(p->p_fd, /*from:*/ NULL, /*to:*/ &p->p_lsa->u.sa, /*addrlen:*/ p->p_lsa->len,
334 &p->p_xmt_msg, NTP_MSGSIZE_NOAUTH) == -1
335 ) {
336 close(p->p_fd);
337 p->p_fd = -1;
338 set_next(p, INTERVAL_QUERY_PATHETIC);
339 return -1;
340 }
341
342 if (G.verbose)
343 bb_error_msg("sent query to %s", p->p_dotted);
344 set_next(p, QUERYTIME_MAX);
345
346 return 0;
347 }
348
349
350 /* Time is stepped only once, when the first packet from a peer is received.
351 */
352 static void
353 step_time_once(double offset)
354 {
355 double dtime;
356 llist_t *item;
357 struct timeval tv;
358 char buf[80];
359 time_t tval;
360
361 if (G.time_was_stepped)
362 goto bail;
363 G.time_was_stepped = 1;
364
365 /* if the offset is small, don't step, slew (later) */
366 if (offset < STEPTIME_MIN_OFFSET && offset > -STEPTIME_MIN_OFFSET)
367 goto bail;
368
369 gettimeofday(&tv, NULL); /* never fails */
370 dtime = offset + tv.tv_sec;
371 dtime += 1.0e-6 * tv.tv_usec;
372 d_to_tv(dtime, &tv);
373
374 if (settimeofday(&tv, NULL) == -1)
375 bb_perror_msg_and_die("settimeofday");
376
377 tval = tv.tv_sec;
378 strftime_YYYYMMDDHHMMSS(buf, sizeof(buf), &tval);
379
380 bb_error_msg("setting clock to %s (offset %fs)", buf, offset);
381
382 for (item = G.ntp_peers; item != NULL; item = item->link) {
383 peer_t *p = (peer_t *) item->data;
384 p->next_action_time -= (time_t)offset;
385 }
386
387 bail:
388 if (option_mask32 & OPT_q)
389 exit(0);
390 }
391
392
393 /* Time is periodically slewed when we collect enough
394 * good data points.
395 */
396 static int
397 compare_offsets(const void *aa, const void *bb)
398 {
399 const peer_t *const *a = aa;
400 const peer_t *const *b = bb;
401 if ((*a)->update.d_offset < (*b)->update.d_offset)
402 return -1;
403 return ((*a)->update.d_offset > (*b)->update.d_offset);
404 }
405 static unsigned
406 updated_scale(double offset)
407 {
408 if (offset < 0)
409 offset = -offset;
410 if (offset > QSCALE_OFF_MAX)
411 return 1;
412 if (offset < QSCALE_OFF_MIN)
413 return QSCALE_OFF_MAX / QSCALE_OFF_MIN;
414 return QSCALE_OFF_MAX / offset;
415 }
416 static void
417 slew_time(void)
418 {
419 llist_t *item;
420 double offset_median;
421 struct timeval tv;
422
423 {
424 peer_t **peers = xzalloc(sizeof(peers[0]) * G.peer_cnt);
425 unsigned goodpeer_cnt = 0;
426 unsigned middle;
427
428 for (item = G.ntp_peers; item != NULL; item = item->link) {
429 peer_t *p = (peer_t *) item->data;
430 if (p->p_trustlevel < TRUSTLEVEL_BADPEER)
431 continue;
432 if (!p->update.d_good) {
433 free(peers);
434 return;
435 }
436 peers[goodpeer_cnt++] = p;
437 }
438
439 if (goodpeer_cnt == 0) {
440 free(peers);
441 goto clear_good;
442 }
443
444 qsort(peers, goodpeer_cnt, sizeof(peers[0]), compare_offsets);
445
446 middle = goodpeer_cnt / 2;
447 if (middle != 0 && (goodpeer_cnt & 1) == 0) {
448 offset_median = (peers[middle-1]->update.d_offset + peers[middle]->update.d_offset) / 2;
449 G.rootdelay = (peers[middle-1]->update.d_delay + peers[middle]->update.d_delay) / 2;
450 G.stratum = 1 + MAX(peers[middle-1]->update.d_stratum, peers[middle]->update.d_stratum);
451 } else {
452 offset_median = peers[middle]->update.d_offset;
453 G.rootdelay = peers[middle]->update.d_delay;
454 G.stratum = 1 + peers[middle]->update.d_stratum;
455 }
456 G.leap = peers[middle]->update.d_leap;
457 G.refid4 = peers[middle]->update.d_refid4;
458 G.refid =
459 #if ENABLE_FEATURE_IPV6
460 peers[middle]->p_lsa->u.sa.sa_family != AF_INET ?
461 G.refid4 :
462 #endif
463 peers[middle]->p_lsa->u.sin.sin_addr.s_addr;
464 free(peers);
465 }
466 //TODO: if (offset_median > BIG) step_time(offset_median)?
467
468 G.scale = updated_scale(offset_median);
469
470 bb_error_msg("adjusting clock by %fs, our stratum is %u, time scale %u",
471 offset_median, G.stratum, G.scale);
472
473 errno = 0;
474 d_to_tv(offset_median, &tv);
475 if (adjtime(&tv, &tv) == -1)
476 bb_perror_msg_and_die("adjtime failed");
477 if (G.verbose >= 2)
478 bb_error_msg("old adjust: %d.%06u", (int)tv.tv_sec, (unsigned)tv.tv_usec);
479
480 if (G.first_adj_done) {
481 uint8_t synced = (tv.tv_sec == 0 && tv.tv_usec == 0);
482 if (synced != G.synced) {
483 G.synced = synced;
484 bb_error_msg("clock is %ssynced", synced ? "" : "un");
485 }
486 }
487 G.first_adj_done = 1;
488
489 G.reftime = gettime1900d();
490
491 clear_good:
492 for (item = G.ntp_peers; item != NULL; item = item->link) {
493 peer_t *p = (peer_t *) item->data;
494 p->update.d_good = 0;
495 }
496 }
497
498 static void
499 update_peer_data(peer_t *p)
500 {
501 /* Clock filter.
502 * Find the datapoint with the lowest delay.
503 * Use that as the peer update.
504 * Invalidate it and all older ones.
505 */
506 int i;
507 int best = -1;
508 int good = 0;
509
510 for (i = 0; i < NUM_DATAPOINTS; i++) {
511 if (p->p_datapoint[i].d_good) {
512 good++;
513 if (best < 0 || p->p_datapoint[i].d_delay < p->p_datapoint[best].d_delay)
514 best = i;
515 }
516 }
517
518 if (good < 8) //FIXME: was it meant to be NUM_DATAPOINTS, not 8?
519 return;
520
521 p->update = p->p_datapoint[best]; /* struct copy */
522 slew_time();
523
524 for (i = 0; i < NUM_DATAPOINTS; i++)
525 if (p->p_datapoint[i].d_rcv_time <= p->p_datapoint[best].d_rcv_time)
526 p->p_datapoint[i].d_good = 0;
527 }
528
529 static unsigned
530 scale_interval(unsigned requested)
531 {
532 unsigned interval, r;
533 interval = requested * G.scale;
534 r = (unsigned)rand() % (unsigned)(MAX(5, interval / 10));
535 return (interval + r);
536 }
537 static void
538 recv_and_process_peer_pkt(peer_t *p)
539 {
540 ssize_t size;
541 msg_t msg;
542 double T1, T2, T3, T4;
543 unsigned interval;
544 datapoint_t *datapoint;
545
546 /* We can recvfrom here and check from.IP, but some multihomed
547 * ntp servers reply from their *other IP*.
548 * TODO: maybe we should check at least what we can: from.port == 123?
549 */
550 size = recv(p->p_fd, &msg, sizeof(msg), MSG_DONTWAIT);
551 if (size == -1) {
552 bb_perror_msg("recv(%s) error", p->p_dotted);
553 if (errno == EHOSTUNREACH || errno == EHOSTDOWN
554 || errno == ENETUNREACH || errno == ENETDOWN
555 || errno == ECONNREFUSED || errno == EADDRNOTAVAIL
556 || errno == EAGAIN
557 ) {
558 //TODO: always do this?
559 set_next(p, error_interval());
560 goto close_sock;
561 }
562 xfunc_die();
563 }
564
565 if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) {
566 bb_error_msg("malformed packet received from %s", p->p_dotted);
567 goto bail;
568 }
569
570 if (msg.m_orgtime.int_partl != p->p_xmt_msg.m_xmttime.int_partl
571 || msg.m_orgtime.fractionl != p->p_xmt_msg.m_xmttime.fractionl
572 ) {
573 goto bail;
574 }
575
576 if ((msg.m_status & LI_ALARM) == LI_ALARM
577 || msg.m_stratum == 0
578 || msg.m_stratum > NTP_MAXSTRATUM
579 ) {
580 // TODO: stratum 0 responses may have commands in 32-bit m_refid field:
581 // "DENY", "RSTR" - peer does not like us at all
582 // "RATE" - peer is overloaded, reduce polling freq
583 interval = error_interval();
584 bb_error_msg("reply from %s: not synced, next query in %us", p->p_dotted, interval);
585 goto close_sock;
586 }
587
588 /*
589 * From RFC 2030 (with a correction to the delay math):
590 *
591 * Timestamp Name ID When Generated
592 * ------------------------------------------------------------
593 * Originate Timestamp T1 time request sent by client
594 * Receive Timestamp T2 time request received by server
595 * Transmit Timestamp T3 time reply sent by server
596 * Destination Timestamp T4 time reply received by client
597 *
598 * The roundtrip delay and local clock offset are defined as
599 *
600 * delay = (T4 - T1) - (T3 - T2); offset = ((T2 - T1) + (T3 - T4)) / 2
601 */
602 T1 = p->p_xmttime;
603 T2 = lfp_to_d(msg.m_rectime);
604 T3 = lfp_to_d(msg.m_xmttime);
605 T4 = gettime1900d();
606
607 datapoint = &p->p_datapoint[p->p_datapoint_idx];
608
609 datapoint->d_offset = ((T2 - T1) + (T3 - T4)) / 2;
610 datapoint->d_delay = (T4 - T1) - (T3 - T2);
611 if (datapoint->d_delay < 0) {
612 bb_error_msg("reply from %s: negative delay %f", p->p_dotted, datapoint->d_delay);
613 interval = error_interval();
614 set_next(p, interval);
615 goto close_sock;
616 }
617 //UNUSED: datapoint->d_error = (T2 - T1) - (T3 - T4);
618 datapoint->d_rcv_time = (time_t)(T4 - OFFSET_1900_1970); /* = time(NULL); */
619 datapoint->d_good = 1;
620
621 datapoint->d_leap = (msg.m_status & LI_MASK);
622 //UNUSED: datapoint->o_precision = msg.m_precision_exp;
623 //UNUSED: datapoint->o_rootdelay = sfp_to_d(msg.m_rootdelay);
624 //UNUSED: datapoint->o_rootdispersion = sfp_to_d(msg.m_dispersion);
625 //UNUSED: datapoint->d_refid = ntohl(msg.m_refid);
626 datapoint->d_refid4 = msg.m_xmttime.fractionl;
627 //UNUSED: datapoint->o_reftime = lfp_to_d(msg.m_reftime);
628 //UNUSED: datapoint->o_poll = msg.m_ppoll;
629 datapoint->d_stratum = msg.m_stratum;
630
631 if (p->p_trustlevel < TRUSTLEVEL_PATHETIC)
632 interval = scale_interval(INTERVAL_QUERY_PATHETIC);
633 else if (p->p_trustlevel < TRUSTLEVEL_AGRESSIVE)
634 interval = scale_interval(INTERVAL_QUERY_AGRESSIVE);
635 else
636 interval = scale_interval(INTERVAL_QUERY_NORMAL);
637
638 set_next(p, interval);
639
640 /* Every received reply which we do not discard increases trust */
641 if (p->p_trustlevel < TRUSTLEVEL_MAX) {
642 p->p_trustlevel++;
643 if (p->p_trustlevel == TRUSTLEVEL_BADPEER)
644 bb_error_msg("peer %s now valid", p->p_dotted);
645 }
646
647 if (G.verbose)
648 bb_error_msg("reply from %s: offset %f delay %f, next query in %us", p->p_dotted,
649 datapoint->d_offset, datapoint->d_delay, interval);
650
651 update_peer_data(p);
652 //TODO: do it after all peers had a chance to return at least one reply?
653 step_time_once(datapoint->d_offset);
654
655 p->p_datapoint_idx++;
656 if (p->p_datapoint_idx >= NUM_DATAPOINTS)
657 p->p_datapoint_idx = 0;
658
659 close_sock:
660 /* We do not expect any more packets from this peer for now.
661 * Closing the socket informs kernel about it.
662 * We open a new socket when we send a new query.
663 */
664 close(p->p_fd);
665 p->p_fd = -1;
666 bail:
667 return;
668 }
669
670 #if ENABLE_FEATURE_NTPD_SERVER
671 static void
672 recv_and_process_client_pkt(void /*int fd*/)
673 {
674 ssize_t size;
675 uint8_t version;
676 double rectime;
677 len_and_sockaddr *to;
678 struct sockaddr *from;
679 msg_t msg;
680 uint8_t query_status;
681 uint8_t query_ppoll;
682 l_fixedpt_t query_xmttime;
683
684 to = get_sock_lsa(G.listen_fd);
685 from = xzalloc(to->len);
686
687 size = recv_from_to(G.listen_fd, &msg, sizeof(msg), MSG_DONTWAIT, from, &to->u.sa, to->len);
688 if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) {
689 char *addr;
690 if (size < 0) {
691 if (errno == EAGAIN)
692 goto bail;
693 bb_perror_msg_and_die("recv");
694 }
695 addr = xmalloc_sockaddr2dotted_noport(from);
696 bb_error_msg("malformed packet received from %s: size %u", addr, (int)size);
697 free(addr);
698 goto bail;
699 }
700
701 query_status = msg.m_status;
702 query_ppoll = msg.m_ppoll;
703 query_xmttime = msg.m_xmttime;
704
705 /* Build a reply packet */
706 memset(&msg, 0, sizeof(msg));
707 msg.m_status = G.synced ? G.leap : LI_ALARM;
708 msg.m_status |= (query_status & VERSION_MASK);
709 msg.m_status |= ((query_status & MODE_MASK) == MODE_CLIENT) ?
710 MODE_SERVER : MODE_SYM_PAS;
711 msg.m_stratum = G.stratum;
712 msg.m_ppoll = query_ppoll;
713 msg.m_precision_exp = G_precision_exp;
714 rectime = gettime1900d();
715 msg.m_xmttime = msg.m_rectime = d_to_lfp(rectime);
716 msg.m_reftime = d_to_lfp(G.reftime);
717 //msg.m_xmttime = d_to_lfp(gettime1900d()); // = msg.m_rectime
718 msg.m_orgtime = query_xmttime;
719 msg.m_rootdelay = d_to_sfp(G.rootdelay);
720 version = (query_status & VERSION_MASK); /* ... >> VERSION_SHIFT - done below instead */
721 msg.m_refid = (version > (3 << VERSION_SHIFT)) ? G.refid4 : G.refid;
722
723 /* We reply from the local address packet was sent to,
724 * this makes to/from look swapped here: */
725 do_sendto(G.listen_fd,
726 /*from:*/ &to->u.sa, /*to:*/ from, /*addrlen:*/ to->len,
727 &msg, size);
728
729 bail:
730 free(to);
731 free(from);
732 }
733 #endif
734
735 /* Upstream ntpd's options:
736 *
737 * -4 Force DNS resolution of host names to the IPv4 namespace.
738 * -6 Force DNS resolution of host names to the IPv6 namespace.
739 * -a Require cryptographic authentication for broadcast client,
740 * multicast client and symmetric passive associations.
741 * This is the default.
742 * -A Do not require cryptographic authentication for broadcast client,
743 * multicast client and symmetric passive associations.
744 * This is almost never a good idea.
745 * -b Enable the client to synchronize to broadcast servers.
746 * -c conffile
747 * Specify the name and path of the configuration file,
748 * default /etc/ntp.conf
749 * -d Specify debugging mode. This option may occur more than once,
750 * with each occurrence indicating greater detail of display.
751 * -D level
752 * Specify debugging level directly.
753 * -f driftfile
754 * Specify the name and path of the frequency file.
755 * This is the same operation as the "driftfile FILE"
756 * configuration command.
757 * -g Normally, ntpd exits with a message to the system log
758 * if the offset exceeds the panic threshold, which is 1000 s
759 * by default. This option allows the time to be set to any value
760 * without restriction; however, this can happen only once.
761 * If the threshold is exceeded after that, ntpd will exit
762 * with a message to the system log. This option can be used
763 * with the -q and -x options. See the tinker command for other options.
764 * -i jaildir
765 * Chroot the server to the directory jaildir. This option also implies
766 * that the server attempts to drop root privileges at startup
767 * (otherwise, chroot gives very little additional security).
768 * You may need to also specify a -u option.
769 * -k keyfile
770 * Specify the name and path of the symmetric key file,
771 * default /etc/ntp/keys. This is the same operation
772 * as the "keys FILE" configuration command.
773 * -l logfile
774 * Specify the name and path of the log file. The default
775 * is the system log file. This is the same operation as
776 * the "logfile FILE" configuration command.
777 * -L Do not listen to virtual IPs. The default is to listen.
778 * -n Don't fork.
779 * -N To the extent permitted by the operating system,
780 * run the ntpd at the highest priority.
781 * -p pidfile
782 * Specify the name and path of the file used to record the ntpd
783 * process ID. This is the same operation as the "pidfile FILE"
784 * configuration command.
785 * -P priority
786 * To the extent permitted by the operating system,
787 * run the ntpd at the specified priority.
788 * -q Exit the ntpd just after the first time the clock is set.
789 * This behavior mimics that of the ntpdate program, which is
790 * to be retired. The -g and -x options can be used with this option.
791 * Note: The kernel time discipline is disabled with this option.
792 * -r broadcastdelay
793 * Specify the default propagation delay from the broadcast/multicast
794 * server to this client. This is necessary only if the delay
795 * cannot be computed automatically by the protocol.
796 * -s statsdir
797 * Specify the directory path for files created by the statistics
798 * facility. This is the same operation as the "statsdir DIR"
799 * configuration command.
800 * -t key
801 * Add a key number to the trusted key list. This option can occur
802 * more than once.
803 * -u user[:group]
804 * Specify a user, and optionally a group, to switch to.
805 * -v variable
806 * -V variable
807 * Add a system variable listed by default.
808 * -x Normally, the time is slewed if the offset is less than the step
809 * threshold, which is 128 ms by default, and stepped if above
810 * the threshold. This option sets the threshold to 600 s, which is
811 * well within the accuracy window to set the clock manually.
812 * Note: since the slew rate of typical Unix kernels is limited
813 * to 0.5 ms/s, each second of adjustment requires an amortization
814 * interval of 2000 s. Thus, an adjustment as much as 600 s
815 * will take almost 14 days to complete. This option can be used
816 * with the -g and -q options. See the tinker command for other options.
817 * Note: The kernel time discipline is disabled with this option.
818 */
819
820 /* By doing init in a separate function we decrease stack usage
821 * in main loop.
822 */
823 static NOINLINE void ntp_init(char **argv)
824 {
825 unsigned opts;
826 llist_t *peers;
827
828 srand(getpid());
829
830 if (getuid())
831 bb_error_msg_and_die(bb_msg_you_must_be_root);
832
833 peers = NULL;
834 opt_complementary = "dd:p::"; /* d: counter, p: list */
835 opts = getopt32(argv,
836 "nqNx" /* compat */
837 "p:"IF_FEATURE_NTPD_SERVER("l") /* NOT compat */
838 "d" /* compat */
839 "46aAbgL", /* compat, ignored */
840 &peers, &G.verbose);
841 if (!(opts & (OPT_p|OPT_l)))
842 bb_show_usage();
843 if (opts & OPT_x) /* disable stepping, only slew is allowed */
844 G.time_was_stepped = 1;
845 while (peers)
846 add_peers(llist_pop(&peers));
847 if (!(opts & OPT_n)) {
848 bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO, argv);
849 logmode = LOGMODE_NONE;
850 }
851 #if ENABLE_FEATURE_NTPD_SERVER
852 G.listen_fd = -1;
853 if (opts & OPT_l) {
854 G.listen_fd = create_and_bind_dgram_or_die(NULL, 123);
855 socket_want_pktinfo(G.listen_fd);
856 setsockopt(G.listen_fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY));
857 }
858 #endif
859 /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */
860 if (opts & OPT_N)
861 setpriority(PRIO_PROCESS, 0, -15);
862
863 /* Set some globals */
864 #if 0
865 /* With constant b = 100, G.precision_exp is also constant -6.
866 * Uncomment this and you'll see */
867 {
868 int prec = 0;
869 int b;
870 # if 0
871 struct timespec tp;
872 /* We can use sys_clock_getres but assuming 10ms tick should be fine */
873 clock_getres(CLOCK_REALTIME, &tp);
874 tp.tv_sec = 0;
875 tp.tv_nsec = 10000000;
876 b = 1000000000 / tp.tv_nsec; /* convert to Hz */
877 # else
878 b = 100; /* b = 1000000000/10000000 = 100 */
879 # endif
880 while (b > 1)
881 prec--, b >>= 1;
882 //G.precision_exp = prec;
883 bb_error_msg("G.precision_exp:%d", prec); /* -6 */
884 }
885 #endif
886 G.scale = 1;
887
888 bb_signals((1 << SIGTERM) | (1 << SIGINT), record_signo);
889 bb_signals((1 << SIGPIPE) | (1 << SIGHUP), SIG_IGN);
890 }
891
892 int ntpd_main(int argc UNUSED_PARAM, char **argv) MAIN_EXTERNALLY_VISIBLE;
893 int ntpd_main(int argc UNUSED_PARAM, char **argv)
894 {
895 struct globals g;
896 struct pollfd *pfd;
897 peer_t **idx2peer;
898
899 memset(&g, 0, sizeof(g));
900 SET_PTR_TO_GLOBALS(&g);
901
902 ntp_init(argv);
903
904 {
905 /* if ENABLE_FEATURE_NTPD_SERVER, + 1 for listen_fd: */
906 unsigned cnt = g.peer_cnt + ENABLE_FEATURE_NTPD_SERVER;
907 idx2peer = xzalloc(sizeof(idx2peer[0]) * cnt);
908 pfd = xzalloc(sizeof(pfd[0]) * cnt);
909 }
910
911 while (!bb_got_signal) {
912 llist_t *item;
913 unsigned i, j;
914 unsigned sent_cnt, trial_cnt;
915 int nfds, timeout;
916 time_t cur_time, nextaction;
917
918 /* Nothing between here and poll() blocks for any significant time */
919
920 cur_time = time(NULL);
921 nextaction = cur_time + 3600;
922
923 i = 0;
924 #if ENABLE_FEATURE_NTPD_SERVER
925 if (g.listen_fd != -1) {
926 pfd[0].fd = g.listen_fd;
927 pfd[0].events = POLLIN;
928 i++;
929 }
930 #endif
931 /* Pass over peer list, send requests, time out on receives */
932 sent_cnt = trial_cnt = 0;
933 for (item = g.ntp_peers; item != NULL; item = item->link) {
934 peer_t *p = (peer_t *) item->data;
935
936 /* Overflow-safe "if (p->next_action_time <= cur_time) ..." */
937 if ((int)(cur_time - p->next_action_time) >= 0) {
938 if (p->p_fd == -1) {
939 /* Time to send new req */
940 trial_cnt++;
941 if (send_query_to_peer(p) == 0)
942 sent_cnt++;
943 } else {
944 /* Timed out waiting for reply */
945 close(p->p_fd);
946 p->p_fd = -1;
947 timeout = error_interval();
948 bb_error_msg("timed out waiting for %s, "
949 "next query in %us", p->p_dotted, timeout);
950 if (p->p_trustlevel >= TRUSTLEVEL_BADPEER) {
951 p->p_trustlevel /= 2;
952 if (p->p_trustlevel < TRUSTLEVEL_BADPEER)
953 bb_error_msg("peer %s now invalid", p->p_dotted);
954 }
955 set_next(p, timeout);
956 }
957 }
958
959 if (p->next_action_time < nextaction)
960 nextaction = p->next_action_time;
961
962 if (p->p_fd >= 0) {
963 /* Wait for reply from this peer */
964 pfd[i].fd = p->p_fd;
965 pfd[i].events = POLLIN;
966 idx2peer[i] = p;
967 i++;
968 }
969 }
970
971 if ((trial_cnt > 0 && sent_cnt == 0) || g.peer_cnt == 0)
972 step_time_once(0); /* no good peers, don't wait */
973
974 timeout = nextaction - cur_time;
975 if (timeout < 1)
976 timeout = 1;
977
978 /* Here we may block */
979 if (g.verbose >= 2)
980 bb_error_msg("poll %us, sockets:%u", timeout, i);
981 nfds = poll(pfd, i, timeout * 1000);
982 if (nfds <= 0)
983 continue;
984
985 /* Process any received packets */
986 j = 0;
987 #if ENABLE_FEATURE_NTPD_SERVER
988 if (g.listen_fd != -1) {
989 if (pfd[0].revents /* & (POLLIN|POLLERR)*/) {
990 nfds--;
991 recv_and_process_client_pkt(/*g.listen_fd*/);
992 }
993 j = 1;
994 }
995 #endif
996 for (; nfds != 0 && j < i; j++) {
997 if (pfd[j].revents /* & (POLLIN|POLLERR)*/) {
998 nfds--;
999 recv_and_process_peer_pkt(idx2peer[j]);
1000 }
1001 }
1002 } /* while (!bb_got_signal) */
1003
1004 kill_myself_with_sig(bb_got_signal);
1005 }
Tomato firmware and modifications.